
Dropping Elephant APT Targets Old Windows Flaws



Many times here I have posted about how Windows has been hardened to the point that most infections and theft occur only through third-party programs and social engineering/phishing schemes.


When folks act like Windows is getting infected all the time, it is usually a user who clicked on an attachment and found themselves infected with ransomware, or they never updated Adobe Flash or allowed Adobe Reader to stay on their systems. Flash is now updated by Windows, so they can stop taking the blame when users don't keep up with their third-party programs like Adobe, Java, etc.


It was also a given that a certain number of folks would never update or patch their computers because the updates took too long, or they had gotten by so far, or the updates took too much bandwidth. It was estimated that 60% of Windows machines were like that back in the XP/Vista and Windows 7 days.


Now all that can be deferred are performance updates. Security patches are pushed with Windows 8/8.1/10. I think that is a good thing, but some may disagree and for them that is their right. They bought their systems.


But this is ridiculous. It appears that folks are succeeding in infecting a lot of old and new computers with old malware that Windows patched and defeated in the last decade and a half! Any computer that has been patched with the latest Windows updates is immune to these old malware kits.


But this is shocking to me even knowing that. Government embassies, including US overseas government offices, are getting infected and classified data is being stolen because they are not patched for the oldest vulnerabilities out there!




"Don’t judge an APT by its exploits alone. That’s the takeaway from a report that details a unique advanced persistent threat that leverages a kludge of unsophisticated, outdated and rudimentary attack tools to conduct cyber espionage. The targets of the attacks are government and diplomatic agencies in Asia with close ties to China.


Researchers discovered the APT group, dubbed Dropping Elephant, and report that it was active between November 2015 and this June. The APT, discovered by researchers at Kaspersky Lab and outlined in a report released today, relies exclusively on social engineering and low-budget malware tools and outdated exploits against old, patched Windows vulnerabilities.


The group, according to the report, chooses targets mainly in Asia, paying particular attention to Chinese government and diplomatic organizations – and also to foreign embassies and diplomatic offices in China, including those of Pakistan, Sri Lanka, Uruguay, Bangladesh, Taiwan, Australia and the USA, according to the report.


“Despite using such simple and affordable tools and exploits, the team seems capable of retrieving valuable intelligence information,” said Vitaly Kamluk, director of Kaspersky Lab’s APAC Global Research and Analysis Team.


The Dropping Elephant’s ragtag approach included standard attack schemes, starting with a two-stage phishing email attack. Phase one involves sending an email with a harmless attachment that, when opened, pinged the attacker’s command and control server with details pertaining to the target’s computer. The second stage included sending an email with either a Microsoft Word or PowerPoint document that contained exploits (CVE-2012-0158 and CVE-2014-6352) effective on unpatched versions of Microsoft Office.


In other cases, according to Kaspersky Lab, the APT attacker also relied heavily on social engineering to reach desired targets. “Some victims are targeted by a watering hole attack: they receive a link to a website disguised as a political news portal, focused on China’s external affairs,” according to Kaspersky Lab. Links lead to additional content that included Microsoft PowerPoint files that contained malicious payloads.


“The content of the malicious PPS is based on carefully chosen, genuine news articles featuring widely discussed geopolitical topics, which makes the document look more trustworthy and likely to be opened. This leads many users to become infected,” according to Kaspersky Lab."


There is much more ridiculousness in the full article here: https://threatpost.com/dropping-elephant-apt-targets-old-windows-flaws/119123/
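The two-stage chain quoted above (a "harmless" attachment that phones home with machine details, then a Word/PowerPoint file carrying the CVE-2012-0158 and CVE-2014-6352 exploits) can be triaged before a user ever opens the file. The following is an added example written for this page; it is not code from Kaspersky Lab, Threatpost or the original poster. It assumes the attachment is an Office Open XML package and that the stage-one ping-back is implemented as a relationship whose target is an external URL that Office resolves on open (the article does not say how the beacon works; that is the assumed mechanism). CVE-2012-0158 is a flaw in the MSCOMCTL.OCX ActiveX control and CVE-2014-6352 is an OLE packaging flaw, so the stage-two check looks for embedded OLE and ActiveX parts. The sample documents, host names and URLs are constructed here.

```python
"""Triage an Office Open XML (.docx/.pptx) attachment for the two tricks in the
chain described above: a stage-one "ping-back" (a part fetched from the
attacker's server the moment the file is opened) and a stage-two embedded
OLE/ActiveX object, the usual carrier for MSCOMCTL (CVE-2012-0158) and OLE
(CVE-2014-6352) exploits. Stdlib only; the sample documents are constructed here.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

PKG_REL = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
REL_BASE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

# Minimal package skeleton (constructed; just enough to be a valid OOXML zip).
CONTENT_TYPES = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '<Default Extension="bin" ContentType="application/vnd.openxmlformats-officedocument.oleObject"/>'
    '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
    "</Types>"
)
ROOT_RELS = (
    '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    f'<Relationship Id="rId1" Type="{REL_BASE}officeDocument" Target="word/document.xml"/>'
    "</Relationships>"
)
DOCUMENT_XML = (
    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
    "<w:body><w:p><w:r><w:t>Constructed lure text</w:t></w:r></w:p></w:body></w:document>"
)
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # compound-file header signature


def build_docx(beacon_url=None, embed_ole=False):
    """Constructed sample document. beacon_url adds an image relationship whose
    Target is a remote URL (TargetMode="External"), so the application fetches
    it on open and the server learns who opened the lure. embed_ole adds an
    embedded OLE object part, the container the stage-two exploits ride in."""
    rels, parts = [], {}
    if beacon_url:
        rels.append(f'<Relationship Id="rId10" Type="{REL_BASE}image" '
                    f'Target="{beacon_url}" TargetMode="External"/>')
    if embed_ole:
        rels.append(f'<Relationship Id="rId11" Type="{REL_BASE}oleObject" '
                    'Target="embeddings/oleObject1.bin"/>')
        # Placeholder blob carrying only the OLE signature; no exploit content.
        parts["word/embeddings/oleObject1.bin"] = OLE_MAGIC + b"\x00" * 24
    doc_rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
                + "".join(rels) + "</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", CONTENT_TYPES)
        z.writestr("_rels/.rels", ROOT_RELS)
        z.writestr("word/document.xml", DOCUMENT_XML)
        z.writestr("word/_rels/document.xml.rels", doc_rels)
        for name, blob in parts.items():
            z.writestr(name, blob)
    return buf.getvalue()


def triage(data):
    """Return (kind, location, detail) findings for an OOXML package.
    kinds: beacon  - non-hyperlink relationship resolved from an external target on open
           link    - external hyperlink (needs a click; lower severity)
           ole     - embedded OLE object (relationship or part)
           activex - ActiveX control part (where MSCOMCTL lives in CVE-2012-0158 lures)"""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if name.endswith(".rels"):
                for rel in ET.fromstring(z.read(name)).iter(PKG_REL):
                    rtype = rel.get("Type", "").rsplit("/", 1)[-1]
                    target = rel.get("Target", "")
                    if rel.get("TargetMode", "Internal") == "External":
                        kind = "link" if rtype == "hyperlink" else "beacon"
                        findings.append((kind, name, f"{rtype} -> {target}"))
                    elif rtype == "oleObject":
                        findings.append(("ole", name, f"embedded object {target}"))
            elif "/embeddings/" in name:
                head = z.read(name)[:8]
                findings.append(("ole", name, "compound file" if head == OLE_MAGIC else "non-OLE blob"))
            elif "/activeX/" in name:
                findings.append(("activex", name, "ActiveX control part"))
    return findings


def is_suspicious(data):
    """Quarantine rule: anything that phones home or embeds native objects."""
    return any(kind in ("beacon", "ole", "activex") for kind, _, _ in triage(data))


if __name__ == "__main__":
    for label, doc in [("clean", build_docx()),
                       ("stage-1 beacon", build_docx("http://c2.example.invalid/ping.png")),
                       ("stage-2 OLE", build_docx(embed_ole=True))]:
        print(label, "->", is_suspicious(doc), triage(doc))
```

The scanner keys on the `.rels` parts rather than on the document body because that is where the package declares every external target and embedded object, regardless of which XML element later references it; a lure that looks empty in Word still has to declare its beacon there. Legacy binary formats (.doc, .pps, RTF), which the older exploit kits for these CVEs often use, are not zip packages and need a separate OLE/RTF parser; this example covers the OOXML case only.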

